Thoughts on using Azure VMs as DAG witness in Exchange 2013

About two weeks ago, Microsoft announced official support, effective immediately, for using Azure VMs as DAG witness in Exchange Server 2013. But what is it good for and why should I move critical applications to the cloud?

Well, let’s focus on the architectural prerequisites for a site-resilient Exchange 2013 infrastructure. You need at least two datacenters to spread your Exchange servers across so you can do a manual switchover after one of the datacenters has crashed. For a DAG to perform an automatic site failover, you are required to span your Exchange servers across at least three separate physical locations: two datacenters for your mailbox servers and a third site to place the file share witness for your DAG. The most common BCM (business continuity management) configuration I encounter in customer infrastructures consists of at most two datacenters in two fire compartments in one building, and sometimes there are two datacenters shared across two buildings. Only very few of our customers (even in large enterprise environments) work with BCM concepts that include three or more datacenters. This is where Microsoft Azure can help you save money, time and nerves.

But can you rely on an Azure VM being part of your highly available and business-critical IT infrastructure? Is Microsoft’s cloud 100 percent available? Is your data secure in the cloud? Well, yes and no:

No, Microsoft Azure is not 100 percent available, but with the respective subscription you are guaranteed an availability of 99.9 percent per year. Nevertheless, you can use an Azure VM in your environment, since you only need the file share witness when one of your primary datacenters crashes and you need to establish quorum. As long as all of your mailbox servers can reach each other, you don’t need to worry. And the probability of Azure being offline and one of your datacenters crashing at the same time is virtually zero. Regarding your data security: on the FSW you only find data about the cluster configuration, no emails, no user accounts, no passwords, no personal data.
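The quorum reasoning above, worked through as an added example (not code from Microsoft or from this post): it compares a witness placed in the first datacenter with one placed in Azure across several site failures. The server names, the four-member DAG and the simplified static-majority model (no dynamic quorum, no DAC mode) are assumptions made for illustration.

```python
# Constructed model: static majority voting only. Real clusters also have
# dynamic quorum and DAC mode, which are not modelled here.

def total_votes(members):
    """One vote per DAG member; the witness votes only when the count is even."""
    return len(members) + (1 if len(members) % 2 == 0 else 0)


def has_quorum(members, witness_site, alive_sites):
    """True if the servers in alive_sites (assumed mutually reachable) hold a majority."""
    node_votes = sum(1 for site in members.values() if site in alive_sites)
    witness_used = len(members) % 2 == 0
    # The witness vote counts only if a surviving member can reach the share.
    witness_vote = 1 if witness_used and node_votes and witness_site in alive_sites else 0
    return node_votes + witness_vote > total_votes(members) // 2


def survives(members, witness_site, failed_sites):
    """Quorum check after the given sites have failed completely."""
    sites = set(members.values()) | {witness_site}
    return has_quorum(members, witness_site, sites - set(failed_sites))


# Hypothetical four-member DAG, two mailbox servers per datacenter.
DAG = {"MBX1": "DC1", "MBX2": "DC1", "MBX3": "DC2", "MBX4": "DC2"}

# Constructed failure scenarios: each tuple lists the sites that are down.
SCENARIOS = [("DC1",), ("DC2",), ("Azure",), ("DC1", "Azure")]


def compare(witness_sites=("DC1", "Azure")):
    """Return {witness_site: {failed_sites: quorum_kept}} for every scenario."""
    return {w: {f: survives(DAG, w, f) for f in SCENARIOS} for w in witness_sites}


if __name__ == "__main__":
    for witness, results in compare().items():
        for failed, ok in results.items():
            print(f"witness in {witness:5} | failed: {'+'.join(failed):9} | quorum: {ok}")
```

With the witness in DC1, losing DC1 leaves the surviving servers with two of five votes, which is the manual-switchover case; with the witness in Azure, either datacenter can fail and the other keeps quorum, and only the combined outage breaks it.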

So yes, you can rely on an Azure VM being part of your highly available and business-critical IT infrastructure. The new function is definitely worth a try, and who knows? Maybe you’ll find yourself transitioning parts of your IT to the cloud sooner than expected.

You can find further information about the technical implementation at Microsoft’s TechNet.

Thank you for reading and best regards,

Author: Tom Janetscheck

Cloud Security Enthusiast | Security Advocate
